Yet more on Win32/Stuxnet

Our colleagues in Bratislava have issued a press release which focuses on the clustering of reports from the US and Iran, and also quotes Randy Abrams, whose follow-up blog also discusses the SCADA-related malware issue at length.

The Internet Storm Center has, unusually, raised its Infocon level to yellow in order to raise awareness of the issue and “preempt a major issue resulting from its exploitation.

Softpedia and Computerworld are among sites noting the publication of exploit code using the .LNK vulnerability.

Our colleagues in Spain have also published a blog that makes a couple of points worth reiterating.

Use an antivirus product capable of detecting these threats. Of course, you’d expect us to say something like this since anti-malware is what we sell, but the fact is that at this moment AV detection may be a better solution for the currently known threats than the workarounds suggested by Microsoft in their advisory. Note, however, that there are indications that those responsible for the initial attacks are already taking measures to vary the attack. (More about that later.)

If you’re using XP SP2, it’s quite possible that there will be no patch from Microsoft that will help you when they are ready to patch. Of course, the same applies to Windows 2000 users, only more so. At least SP2 users should be able to get respite by upgrading to SP3.

Yes, there was a short time we had to pull the generic detection to fix a problem. it was then put back into the updates and you will find the PoC is detected as are some new .lnk files we are beginning to see used for malware.